Examples of CertTemplate

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
    OptionalValidity myOptionalValidity = new OptionalValidity();
    org.bouncycastle.asn1.x509.Time nb = new org.bouncycastle.asn1.x509.Time(new DERGeneralizedTime("20030211002120Z"));
    org.bouncycastle.asn1.x509.Time na = new org.bouncycastle.asn1.x509.Time(new Date());
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name("CN=bogusIssuer"));
    myCertTemplate.setSubject(new X509Name("CN=bogusSubject"));
    byte[]                  bytes = keys.getPublic().getEncoded();
        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream         dIn = new ASN1InputStream(bIn);
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
    myCertTemplate.setPublicKey(keyInfo);
    ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
    DEROutputStream         dOut = new DEROutputStream(bOut);
    Vector<X509Extension> values = new Vector<X509Extension>();
    Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
    int bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
    X509KeyUsage ku = new X509KeyUsage(bcku);
    bOut = new ByteArrayOutputStream();
    dOut = new DEROutputStream(bOut);
    dOut.writeObject(ku);
    byte[] value = bOut.toByteArray();
    X509Extension kuext = new X509Extension(false, new DEROctetString(value));
    values.add(kuext);
    oids.add(X509Extensions.KeyUsage);
        myCertTemplate.setExtensions(new X509Extensions(oids, values));
        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        CertReqMsg myCertReqMsg = new CertReqMsg(myCertRequest);
        ProofOfPossession myProofOfPossession = new ProofOfPossession(new DERNull(), 0);
        myCertReqMsg.setPop(myProofOfPossession);
        AttributeTypeAndValue av = new AttributeTypeAndValue(CRMFObjectIdentifiers.regCtrl_regToken, new DERUTF8String("foo123"));
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

140
141
142
143
144
145
146
147
148
149
150
151
152
          // If authentication was correct, we will now try to find the certificate to revoke
          PKIMessage pkimsg = msg.getMessage();
          PKIBody body = pkimsg.getBody();
          RevReqContent rr = body.getRr();
          RevDetails rd = rr.getRevDetails(0);
          CertTemplate ct = rd.getCertDetails();
          DERInteger serno = ct.getSerialNumber();
          X509Name issuer = ct.getIssuer();
          // Get the revocation reason.
          // For CMPv1 this can be a simple DERBitString or it can be a requested CRL Entry Extension
          // If there exists CRL Entry Extensions we will use that, because it's the only thing allowed in CMPv2
          int reason = RevokedCertInfo.REVOCATION_REASON_UNSPECIFIED;
          DERBitString reasonbits = rd.getRevocationReason();
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
      na = new org.bouncycastle.asn1.x509.Time(notAfter);
    }
    myOptionalValidity.setNotBefore(nb);
    myOptionalValidity.setNotAfter(na);
   
    CertTemplate myCertTemplate = new CertTemplate();
    myCertTemplate.setValidity( myOptionalValidity );
    myCertTemplate.setIssuer(new X509Name(issuerDN));
    myCertTemplate.setSubject(new X509Name(userDN));
    byte[]                  bytes = keys.getPublic().getEncoded();
        ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream         dIn = new ASN1InputStream(bIn);
        SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
    myCertTemplate.setPublicKey(keyInfo);
    // If we did not pass any extensions as parameter, we will create some of our own, standard ones
        X509Extensions exts = extensions;
        if (exts == null) {
          // SubjectAltName
        // Some altNames
            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
            DEROutputStream         dOut = new DEROutputStream(bOut);
            Vector<X509Extension> values = new Vector<X509Extension>();
            Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
          if (altNames != null) {
                GeneralNames san = CertTools.getGeneralNamesFromAltName(altNames);
                dOut.writeObject(san);
                byte[] value = bOut.toByteArray();
                X509Extension sanext = new X509Extension(false, new DEROctetString(value));
                values.add(sanext);
                oids.add(X509Extensions.SubjectAlternativeName);
          }
            // KeyUsage
            int bcku = 0;
            bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
            X509KeyUsage ku = new X509KeyUsage(bcku);
            bOut = new ByteArrayOutputStream();
            dOut = new DEROutputStream(bOut);
            dOut.writeObject(ku);
            byte[] value = bOut.toByteArray();
            X509Extension kuext = new X509Extension(false, new DEROctetString(value));
            values.add(kuext);
            oids.add(X509Extensions.KeyUsage);

            // Make the complete extension package
            exts = new X509Extensions(oids, values);
        }
        myCertTemplate.setExtensions(exts);
    if (customCertSerno != null) {
      // Add serialNumber to the certTemplate, it is defined as a MUST NOT be used in RFC4211, but we will use it anyway in order
      // to request a custom certificate serial number (something not standard anyway)
      myCertTemplate.setSerialNumber(new DERInteger(customCertSerno));
    }

        CertRequest myCertRequest = new CertRequest(new DERInteger(4), myCertTemplate);
        // myCertRequest.addControls(new
        // AttributeTypeAndValue(CRMFObjectIdentifiers.regInfo_utf8Pairs, new
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

267
268
269
270
271
272
273
274
275
276
277
278
279
280
        return myPKIMessage;
    }

    protected PKIMessage genRevReq(String issuerDN, String userDN, BigInteger serNo, Certificate cacert, byte[] nonce, byte[] transid,
            boolean crlEntryExtension) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException {
        CertTemplate myCertTemplate = new CertTemplate();
        myCertTemplate.setIssuer(new X509Name(issuerDN));
        myCertTemplate.setSubject(new X509Name(userDN));
        myCertTemplate.setSerialNumber(new DERInteger(serNo));

        RevDetails myRevDetails = new RevDetails(myCertTemplate);
        ReasonFlags reasonbits = new ReasonFlags(ReasonFlags.keyCompromise);
        myRevDetails.setRevocationReason(reasonbits);
        if (crlEntryExtension) {
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
            final OptionalValidity myOptionalValidity = new OptionalValidity();
            final int day = 1000*60*60*24;
            myOptionalValidity.setNotBefore( new org.bouncycastle.asn1.x509.Time(new Date(new Date().getTime()-day)) );
            myOptionalValidity.setNotAfter( new org.bouncycastle.asn1.x509.Time(new Date(new Date().getTime()+10*day)) );

            final CertTemplate myCertTemplate = new CertTemplate();
            myCertTemplate.setValidity( myOptionalValidity );
            myCertTemplate.setIssuer(new X509Name(this.cacert.getSubjectDN().getName()));
            myCertTemplate.setSubject(new X509Name(userDN));
            final byte[]                  bytes = this.keyPair.getPublic().getEncoded();
            final ByteArrayInputStream    bIn = new ByteArrayInputStream(bytes);
            final ASN1InputStream         dIn = new ASN1InputStream(bIn);
            final SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject());
            myCertTemplate.setPublicKey(keyInfo);
            // If we did not pass any extensions as parameter, we will create some of our own, standard ones
            if (extensions == null) {
                // SubjectAltName
                // Some altNames
                final Vector<X509Extension> values = new Vector<X509Extension>();
                final Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
                {
                    final GeneralNames san = CertTools.getGeneralNamesFromAltName("UPN=fooupn@bar.com,rfc822Name=rfc822Name@my.com");
                    final ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
                    final DEROutputStream         dOut = new DEROutputStream(bOut);
                    dOut.writeObject(san);
                    final byte value[] = bOut.toByteArray();
                    values.add(new X509Extension(false, new DEROctetString(value)));
                    oids.add(X509Extensions.SubjectAlternativeName);
                }
                {
                    // KeyUsage
                    final int bcku = X509KeyUsage.digitalSignature | X509KeyUsage.keyEncipherment | X509KeyUsage.nonRepudiation;
                    final X509KeyUsage ku = new X509KeyUsage(bcku);
                    final ByteArrayOutputStream bOut = new ByteArrayOutputStream();
                    final DEROutputStream dOut = new DEROutputStream(bOut);
                    dOut.writeObject(ku);
                    final byte value[] = bOut.toByteArray();
                    final X509Extension kuext = new X509Extension(false, new DEROctetString(value));
                    values.add(kuext);
                    oids.add(X509Extensions.KeyUsage);    
                }
                // Make the complete extension package
                myCertTemplate.setExtensions(new X509Extensions(oids, values));
            } else {
                myCertTemplate.setExtensions(extensions);
            }
            return new CertRequest(new DERInteger(4), myCertTemplate);
        }
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

188
189
190
191
192
193
194
195
196
197
  }
 
  @Override
  public PublicKey getRequestPublicKey() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
    final CertRequest request = getReq().getCertReq();
    final CertTemplate templ = request.getCertTemplate();
    final SubjectPublicKeyInfo keyInfo = templ.getPublicKey();
    final PublicKey pk = getPublicKey(keyInfo, "BC");
    return pk;
  }
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

297
298
299
300
301
302
303
304
305
306
307
308
    this.defaultCADN = issuer;
  }
  @Override
  public String getIssuerDN() {
    String ret = null;
    final CertTemplate templ = getReq().getCertReq().getCertTemplate();
    final X509Name name = templ.getIssuer();
    if (name != null) {
      ret = CertTools.stringToBCDNString(name.toString());
    } else {
      ret = defaultCADN;
    }
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

334
335
336
337
338
339
340
341
342
343
344
345
   * @return BigInteger the requested custom certificate serial number or null, normally this should return null.
   */
  public BigInteger getSubjectCertSerialNo() {
    BigInteger ret = null;
    final CertRequest request = getReq().getCertReq();
    final CertTemplate templ = request.getCertTemplate();
    final DERInteger serno = templ.getSerialNumber();
    if (serno != null) {
      ret = serno.getValue();     
    }
    return ret;
  }
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

358
359
360
361
362
363
364
365
366
367
368
369
  }


  @Override
  public X509Name getRequestX509Name() {
    final CertTemplate templ = getReq().getCertReq().getCertTemplate();
    final X509Name name = templ.getSubject();
    if (log.isDebugEnabled()) {
      log.debug("Request X509Name is: "+name);
    }
    return name;
  }
View Full Code Here

Examples of com.novosec.pkix.asn1.crmf.CertTemplate

369
370
371
372
373
374
375
376
377
378
379
380
  }

  @Override
  public String getRequestAltNames() {
      String ret = null;
      final CertTemplate templ = getReq().getCertReq().getCertTemplate();
      final X509Extensions exts = templ.getExtensions();
    if (exts != null) {
      final X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName);
      if (ext != null) {
        ret = CertTools.getAltNameStringFromExtension(ext);
      }
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.